
SSL VPN from Site A to Site B via RED

Hello,

I have two sites (Site A and Site B) that are connected via RED ("RED # 5").
Both sites have connectivity and can reach each other's network.

My problem is that my SSL VPN (for Site A) can access resources on Site A, but cannot access anything on Site B.


Site A

Network 192.168.0.0
SSL Network 10.81.234.0


Site B

Network 192.168.40.0
SSL Network 10.81.237.0

Within the SSL VPN settings, I left the following access:

Allowed network resources (IPv4)
RED # 5


Is it a firewall problem and am I simply setting the wrong rules? Or is this something with the VPN configuration itself?

Thank you.



This thread was automatically locked due to age.
  • Sorry, I don't understand "Allowed network resources (IPv4) RED # 5". And where does the "SSL Network 10.81.237.0" come from?

    You have to allow the subnet from Site A and the subnet from Site B within the VPN definition.

    Additionally, you need the matching firewall rules.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Image 1 has my settings for the SSL VPN.


    Image 2 has my VPN rules settings.


    What I meant by RED # 5: this is my RED tunnel between site 1 and site 2.

  • SSL network 10.81.237.0

    This network is from the SSL VPN, when the client connects to site 1.

  • It creates the routes when the connection closes:

    C:\Windows\system32\route.exe ADD 189.1.167.218 MASK 255.255.255.255 192.168.68.1
    Fri Feb 05 16:59:11 2021 Route addition via service succeeded
    Fri Feb 05 16:59:11 2021 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.10.10.50
    Fri Feb 05 16:59:11 2021 Route addition via service succeeded
    Fri Feb 05 16:59:11 2021 C:\Windows\system32\route.exe ADD 192.168.20.0 MASK 255.255.255.0 10.10.10.50
    Fri Feb 05 16:59:11 2021 Route addition via service succeeded
    Fri Feb 05 16:59:11 2021 C:\Windows\system32\route.exe ADD 192.168.40.0 MASK 255.255.255.255 10.10.10.50
    Fri Feb 05 16:59:11 2021 Route addition via service succeeded
    Fri Feb 05 16:59:11 2021 C:\Windows\system32\route.exe ADD 189.1.167.218 MASK 255.255.255.255 192.168.68.1

  • 1. "SSL network 10.81.237.0
    This network is from the SSL VPN, when the client connects to site 1."
    ... I think your SSL VPN network is 10.81.234.0/24 from Site A,
    and using a RED device you should not have SSL VPN at Site B (using IP 10.81.237.0/24).
    2. ADD 192.168.40.0 MASK 255.255.255.255 addresses a "single host" and not the whole network.
    3. Show us the route table from the client while the SSL VPN connection is established.
    It would be helpful if you provided a simple network plan.


    Dirk


  • Hello Luiz,

    And where does the gateway 10.10.10.50 belong?

    A network diagram would be really helpful.

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Hi,

    I think it is the routing table from the local PC (the SSL VPN client).


    Dirk


  • 1:
    Site 1 uses this network for the SSL VPN: 10.81.234.0/24

    2:
    This 192.168.40.0 in the list is the local network of site 2.

    3:
    Here is the SSL VPN connection log:

    Mon Feb 08 10:17:39 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.51/255.255.255.0 [SUCCEEDED]
    Mon Feb 08 10:17:39 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.51/255.255.255.0 on interface {21A93550-AF30-4193-9140-AA92967CDCA5} [DHCP-serv: 10.81.234.254, lease-time: 31536000]
    Mon Feb 08 10:17:39 2021 Successful ARP Flush on interface [37] {21A93550-AF30-4193-9140-AA92967CDCA5}
    Mon Feb 08 10:17:39 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Feb 08 10:17:39 2021 MANAGEMENT: >STATE:1612790259,ASSIGN_IP,,10.81.234.51,,,,
    Mon Feb 08 10:17:43 2021 TEST ROUTES: 6/6 succeeded len=6 ret=1 a=0 u/d=up
    Mon Feb 08 10:17:43 2021 MANAGEMENT: >STATE:1612790263,ADD_ROUTES,,,,,,
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 189.1.167.218 MASK 255.255.255.255 192.168.68.1
    Mon Feb 08 10:17:43 2021 Route addition via service succeeded
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.81.234.50
    Mon Feb 08 10:17:43 2021 Route addition via service succeeded
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.20.0 MASK 255.255.255.0 10.81.234.50
    Mon Feb 08 10:17:43 2021 Route addition via service succeeded
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.81.234.50
    Mon Feb 08 10:17:43 2021 Route addition via service succeeded
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.40.0 MASK 255.255.255.255 10.81.234.50
    Mon Feb 08 10:17:43 2021 Route addition via service succeeded
    Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 189.1.167.218 MASK 255.255.255.255 192.168.68.1
    Mon Feb 08 10:17:43 2021 ROUTE: route addition failed using service: O objeto já existe. [status=5010 if_index=3]
    Mon Feb 08 10:17:43 2021 Route addition via service failed
    Mon Feb 08 10:17:43 2021 Initialization Sequence Completed
    Mon Feb 08 10:17:43 2021 MANAGEMENT: >STATE:1612790263,CONNECTED,SUCCESS,10.81.234.51,189.1.167.218,8443,192.168.68.114,57673

  • Just for the record, the site connects to Site B over the RED network,

    with the following IP: 172.16.40.1

  • Again:

    route.exe ADD 192.168.40.0 MASK 255.255.255.255 x.x.x.x adds a route to host 192.168.40.0/32, not to network 192.168.40.0/24.

    The definition of the destination network isn't correct.


    Dirk

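
The check described in the last reply can be run over a saved client log. The following is an added example, not code from any poster or from Sophos: it parses the `route.exe ADD` lines and reports, for each subnet the VPN user is supposed to reach, whether a covering route was pushed through the tunnel or only a /32 host route. The function names, the constructed sample log (three lines in the format shown above) and the 192.168.99.0/24 test subnet are assumptions.

```python
import ipaddress
import re

# Constructed sample: route lines in the format of the client log in the thread.
SAMPLE_LOG = r"""
Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 189.1.167.218 MASK 255.255.255.255 192.168.68.1
Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.81.234.50
Mon Feb 08 10:17:43 2021 C:\Windows\system32\route.exe ADD 192.168.40.0 MASK 255.255.255.255 10.81.234.50
"""

ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.IGNORECASE)


def parse_routes(log_text):
    """Return (destination network, gateway) for every route.exe ADD line."""
    routes = []
    for dest, mask, gateway in ROUTE_RE.findall(log_text):
        # A dotted netmask is accepted after the slash; 255.255.255.255 becomes /32.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, ipaddress.ip_address(gateway)))
    return routes


def audit(log_text, expected_subnets, tunnel_net):
    """Compare the subnets a VPN user should reach with the routes pushed via the tunnel."""
    tunnel = ipaddress.ip_network(tunnel_net)
    # Only routes whose gateway sits in the tunnel network are VPN routes; the host
    # route to the VPN server's public address goes via the local LAN gateway instead.
    pushed = [net for net, gateway in parse_routes(log_text) if gateway in tunnel]
    report = {}
    for cidr in expected_subnets:
        want = ipaddress.ip_network(cidr)
        if any(want.subnet_of(net) for net in pushed):
            report[cidr] = "covered"
        elif any(net.prefixlen == 32 and net.network_address == want.network_address
                 for net in pushed):
            report[cidr] = "host route only (/32): destination defined as a host, not a network"
        else:
            report[cidr] = "no route pushed"
    return report


if __name__ == "__main__":
    subnets = ["192.168.0.0/24", "192.168.40.0/24", "192.168.99.0/24"]
    for subnet, status in audit(SAMPLE_LOG, subnets, "10.81.234.0/24").items():
        print(f"{subnet:18} {status}")
```

A "host route only" result points at the network definition on the firewall side (a host object where a /24 network object was intended), which is the fix the reply asks for.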